Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



British Army Looking For Gamers For Their Smart-Tanks

plsuh It's not a tank (163 comments)

Geez how the press gets this sort of thing so wrong. It's not a tank, it's an Infantry Fighting Vehicle (IFV). It's lightly armored against small arms and small-bore auto-cannon rounds, not against ATGMs, tank main guns, or RPGs.


The weight at 34 tonnes is much less than that of any current front-line tank (according to Wikipedia the Challenger 2 is 62.5 tonnes, almost double the Scout SV). It is a lot heavier than most current IFV's (e.g., the German Marder at 28 tonnes or BMP-3 at 18.7 tonnes), but that may not be such a good thing. It makes strategic mobility more of a problem and ensures that the Scout SV can't swim across rivers by itself.

Some reporter just cut and pasted from the press release. Feh!


about 2 months ago

Ask Slashdot: Good Technology Conferences To Attend?

plsuh Suggestions for the Apple technologist (131 comments)

In chronological order looking forward:

MacTech Boot Camps - http://www.mactech.com/bootcam...
Small, local, inexpensive. Check to see if there's one close to you.

MacTech Conference - http://www.mactech.com/confere...
Larger, both sysadmin and developer tracks

MacIT - http://www.macitconf.com/
Larger, multiple tracks and levels of knowledge

WWDC - https://developer.apple.com/ww...
The granddaddy of them all, but next to impossible to get into these days. Mostly developer focused. May not be useful if you don't already have a deep knowledge base.

MacAdmins - http://macadmins.psu.edu/
The most education-focused of the conferences. Very knowledgeable presenters.

FWIW, I've been a presenter at MacTech Boot Camps, MacIT, and WWDC.


about 4 months ago

Ask Slashdot: Rescuing a PC That's Been Hit By Scammers?

plsuh Remove dad's admin privs (320 comments)

Lots of good advice so far, but one more item -- since your father has turned sysadmin tasks over to you, once you wipe and re-install, set up his account on the computer so that it is a restricted user account, not an admin account. If he isn't doing sysadmin tasks then he doesn't need the privs and this limits the amount of damage that a scammer can do to the computer. (Although getting his SSN and other info is still really bad.)


more than 2 years ago

Ask Slashdot: Managing Encrypted Android Devices In State and Local Gov't?

plsuh iOS has encryption and management built-in (138 comments)

I'm a former Apple engineer, current independent consultant, so I'm not going to address the Android side. That's a lot more complicated -- I'll stick with talking about the iOS info that I know about.

That said, wow, there's a lot of snarky comments but not a lot of information posted.

iOS has full-device hardware encryption built-in on the iPhone 3GS and later, activated as soon as you set up a passcode. This top-level encryption layer is for quick device wipes, not for data protection. Each user data file is then encrypted on top of that using its own unique key, then set into a protection class by the app developer:

  - Complete Protection - decrypted only when the device is unlocked; file key is removed from memory when the device is locked.

  - Protected Unless Open - decrypted when the device is unlocked; if file is open when the device locks, the file stays open/decrypted.

  - Protected Until First User Authentication - decrypted on first unlock, stays decrypted until reboot

  - No Protection - file system encryption only; no per-file encryption key

Apple has really been on developers cases to tighten down the data protection classes for their apps on iOS.

In addition, iOS has a huge number of remote management options. Apple provides a basic management tool called Profile Manager in Lion Server, and there are third-party Mobile Device Managers (MDMs) that take the basics and go even further. You can force complex passcodes, pre-configure e-mail accounts, restrict usage of features, and so on. The enterpriseios.com site has a pretty complete listing.

One of the cool things about using iOS MDM is that all of the configuration profiles are tied to the management profile that gets installed when the device is first enrolled with the MDM. If you're in a BYOD situation and a user leaves on bad terms, the IT department can retract the management profile, which automatically retracts all of the other configuration profiles. This will delete corporate e-mail accounts, remove in-house apps (and their data!), take away VPN and 802.1X access, and so on, without erasing the person's device entirely. All of the pictures the person took are still there, not blown away as they would be after a complete device wipe.

Anyway, a few links that may help you out:

http://consultants.apple.com/index.php - look for consultants with the Mobility specialization
https://help.apple.com/advancedserveradmin/mac/10.7/ - go into "Manage Users" --> "Profile Manager" on the right

Hope this helps.


more than 2 years ago

Best Software For Putting Lectures Online?

plsuh Apple's Podcast Publisher and Podcast Library (126 comments)

This is exactly the design scenario for Podcast Publisher and Podcast Library.


While it can take advantage of a whole cluster of servers, it can also run (albeit more slowly) on a single Core i7 Mini Server. For more detailed docs, see:


It's in use at lots of universities and some K-12 schools.

Hope this helps.


more than 2 years ago

Certificate Blunders May Mean the End For DigiNotar

plsuh Already dead (128 comments)

This is just going through the motions. DigiNotar has been dead since August 30, when Google, Mozilla, and Microsoft all revoked trust in their certificates. Anyone with at least two brain cells (which seems to exclude a large number of managers, unfortunately) could see the writing on the wall. No one would ever buy a new DigiNotar certificate, since it would always pop up a scary warning to the user in a web browser. Why bother with buying a certificate from DigiNotar and dealing with the resulting end-user support issues, when you can buy from someone else and not have to deal with the problem?

More interesting to me is what will happen to DigiNotar's corporate parent, Vasco Data Security? The purchase of DigiNotar is relatively recent (January 10, 2011), so it's not clear how much influence Vasco's management had over DigiNotar's operations. At the very least, Vasco is going to need to pay for an audit of its own systems to reassure its direct customers.


more than 3 years ago

Apple Criticized For Not Blocking Stolen Certs

plsuh Hard Info and Tools (154 comments)


I have detailed info and tools on my website at


The short story is that it is possible to protect yourself, but it requires deleting the DigiNotar root cert(s), then revoking trust on the two roots plus four intermediates.


more than 3 years ago

Dutch Government Revokes Diginotar Certificates

plsuh For Mac Users (78 comments)

Apple is behind the curve on this, almost certainly due to a bug in the handling of Extended Validation certificates that needs to be fixed. Until then, I have info and tools on my web page to help users with the problem.



more than 3 years ago

Ask Slashdot: Overcoming Convention Hall Wi-Fi Interference?

plsuh Re:Just ask What would Jobs do? (251 comments)

"...announce on the loud speaker in a polite English accent..."

FYI, this will not work. Steve Jobs does not have an English accent.


more than 3 years ago

TN BlueCross Encrypts All Data After 57 Disks Stolen

plsuh Cheap, but what about ongoing costs? (140 comments)

$6 million is pocket change to a company that has $5.2 billion in annual revenue. However, the true cost is really higher, as encrypting everything means that things like disk corruption are no longer repairable, lost passwords can't be reset without losing data, and the like. It'd be interesting to see just what the ongoing costs are.

That said, I would like to compliment Tennessee BC/BS for doing the right thing, in spite of it costing money.


more than 3 years ago

PlanetLab Creates a More Advanced Sudo

plsuh Subject to race conditions -- lame (153 comments)


Does no one remember 2007? Bob Watson presented a paper on exploiting concurrency to break all kinds of things like systrace back then, complete with example code. Vsys is the same kind of thing -- it has processes executing in an outside space where you can have a race condition and force the parameters to change after the clearance check but before it actually does the work. See:



more than 3 years ago

Cheap GPUs Rendering Strong Passwords Useless

plsuh Re:Ha Ha, mine goes to 11 (615 comments)

consistently (a) remember a long password and (b) type it without a failure at least 50% of the time, is in the single digits.

This myth needs to end. Most people can memorize phrases hundreds of words long:

You missed the second part -- TYPE them consistently enough that they can get in without getting frustrated. I have no doubt that a large percentage of the general population can memorize long, complex passages at the word level. The number that can get them consistently right at the character level is much lower. The number that can get them consistently right at the character level when they are required to change the phrase every six months drops to near zero.


more than 3 years ago

Cheap GPUs Rendering Strong Passwords Useless

plsuh Re:Ha Ha, mine goes to 11 (615 comments)

What you're missing is that the percentage of the general population that can consistently (a) remember a long password and (b) type it without a failure at least 50% of the time, is in the single digits. Remember, general population, not geeks.

I've expressed the opinion for several years now that password authentication is broken, and that we need to move to two-factor authentication schemes ASAP.


more than 3 years ago

Epsilon Data Breach Bigger Than Just Kroger Customers' Data

plsuh Add Disney to the list (115 comments)

Text of e-mail from Disney this morning:

Dear Guest,

We have been informed by one of our email service providers, Epsilon,
that your email address was exposed by an unauthorized entry into that
provider's computer system. We use our email service providers to
help us manage the large number of email communications with our
guests. Our email service providers send emails on our behalf to
guests who have chosen to receive email communications from us.

We regret that this incident has occurred and any inconvenience this
incident may cause you. We take your privacy very seriously, and we
will continue to work diligently to protect your personal information.

We want to assure you that your email address was the only personal
information we have regarding you that was compromised in this

As a result of this incident, it is possible that you may receive spam
email messages, emails that contain links containing computer viruses
or other types of computer malware, or emails that seek to deceive you
into providing personal or credit card information. As a result, you
should be extremely cautious before opening links or attachments from
unknown third parties or providing a credit card number or other
sensitive information in response to any email.

If you have any questions regarding this incident, please contact us
at (407) 560-2547 during the hours of 9:00 am to 7:00 pm (Eastern Time)
Monday through Friday, and 9:00 am through 5:00 pm (Eastern Time)
Saturday and Sunday.


Disney Destinations

more than 3 years ago

Database of Private SSL Keys Published

plsuh Old problem (200 comments)

Apple ran into something similar a long time ago for Mac OS X Server. The servermgrd daemon uses a self-signed SSL cert by default to secure communications with remote management tools. About four or five versions back the certificate was identical across all installations because it was contained in the installer package. Someone had to go down and show them that you could read all of the traffic by using sslsniff and the private key from your own copy of the installer. They changed to an individual, automatically generated certificate shortly thereafter.


more than 3 years ago

How Apple Had a Spectacular Year

plsuh Re:Good vs. Great (504 comments)


Happy now? ;-D;-D;-D;-D;-D;-D;-D;-D;-D;-D;-D;-D;-D;-D


random text to get by the lameness filter.

9. Religious conditions were similar in Java but politically there was
this difference, that there was no one continuous and paramount kingdom.
A considerable number of Hindus must have settled in the island to
produce such an effect on its language and architecture but the rulers
of the states known to us were hinduized Javanese rather than true
Hindus and the language of literature and of most inscriptions was Old
Javanese, not Sanskrit, though most of the works written in it were
translations or adaptations of Sanskrit originals. As in Camboja,
ivaism and Buddhism both flourished without mutual hostility and there
was less difference in the status of the two creeds.

In all these countries religion seems to have been connected with
politics more closely than in India. The chief shrine was a national
cathedral, the living king was semi-divine and dead kings were
represented by statues bearing the attributes of their favourite gods.

6. _New Forms of Buddhism_

In the three or four centuries following Asoka a surprising change came
over Indian Buddhism, but though the facts are clear it is hard to
connect them with dates and persons. But the change was clearly
posterior to Asoka for though his edicts show a spirit of wide charity
it is not crystallized in the form of certain doctrines which
subsequently became prominent.

The first of these holds up as the moral ideal not personal perfection
or individual salvation but the happiness of all living creatures. The
good man who strives for this should boldly aspire to become a Buddha in
some future birth and such aspirants are called Bodhisattvas. Secondly
Buddhas and some Bodhisattvas come to be considered as supernatural
beings and practically deities. The human life of Gotama, though not
denied, is regarded as the manifestation of a cosmic force which also
reveals itself in countless other Buddhas who are not merely his
predecessors or destined successors but the rulers of paradises in other
worlds. Faith in a Buddha, especially in Amitâbha, can secure rebirth in
his paradise. The great Bodhisattvas, such as Avalokita and Mañjurî,
are splendid angels of mercy and knowledge who are theoretically
distinguished from Buddhas because they have indefinitely postponed
their entry into nirvana in order to alleviate the sufferings of the
world. These new tenets are accompanied by a remarkable development of
art and of idealist metaphysics.

about 4 years ago

How Apple Had a Spectacular Year

plsuh Good vs. Great (504 comments)

Just a quick comment from a former Apple employee; most people are familiar with the old saw, "Perfect is the enemy of good enough." I.e., instead of trying to get something perfect, you should get it good enough and then ship it. Within Apple the perspective is slightly different. There, it's more along the lines of, "Good enough is the enemy of great." I.e., good enough isn't acceptable -- for an Apple-branded product we're going to look for the next level of polish and care that differentiates our stuff from everybody else's.

I think this comes from the fusion of NeXT and Apple engineers. Most people recognize that NeXT brought a heckuva foundation for Apple's next generation operating system to the table in 1997. However, few people recognize what Apple brought to the table -- an engineering culture that regards rough edges as anathema. There was plenty of NeXT software, but much of it was very rough; it wasn't easy to pick up for the new user, was missing essential features, crashed often, or all of the above. This was a direct consequence of the fact that Foundation and AppKit allowed you to create apps quickly and easily, but then as a software developer you still have to trap errors, check for corner cases, add documentation, tweak the UI design so that common tasks are easy to accomplish, etc. This can easily take three to four times as long or more as standing up the initial core functionality. Most NeXT apps never went through this stage and so they lacked the polish for mass market users. Once the NeXT technology went through the polishing process (and it took four years before the first consumer release, really five years and 10.2 Jaguar before it was truly ready for my mom!), the new OS was a completely different animal from OpenStep 4.2 -- much more polished and suitable for mass-market consumers.


about 4 years ago



Evernote Hit by Hackers

plsuh plsuh writes  |  about 2 years ago

plsuh writes "Evernote is the latest victim of an attack. According to their website,

"In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

"The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)"

No indication as to the hashing mechanism — is it a simple, easily brute forced MD-5 or is it a harder, more secure PBKDF2, Bcrypt, or Scrypt with lots of rounds? Anyway, Evernote has reset the passwords of all of the affected users."

Link to Original Source


plsuh has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?